xref: /openbsd-src/usr.bin/doas/doas.1 (revision f2da64fbbbf1b03f09f390ab01267c93dfd77c4c) 
1.\" $OpenBSD: doas.1,v 1.19 2016/09/04 15:20:37 tedu Exp $
2.\"
3.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4.\"
5.\"Permission to use, copy, modify, and distribute this software for any
6.\"purpose with or without fee is hereby granted, provided that the above
7.\"copyright notice and this permission notice appear in all copies.
8.\"
9.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.Dd $Mdocdate: September 4 2016 $
17.Dt DOAS 1
18.Os
19.Sh NAME
20.Nm doas
21.Nd execute commands as another user
22.Sh SYNOPSIS
23.Nm doas
24.Op Fl Lns
25.Op Fl a Ar style
26.Op Fl C Ar config
27.Op Fl u Ar user
28.Ar command
29.Op Ar args
30.Sh DESCRIPTION
31The
32.Nm
33utility executes the given command as another user.
34The
35.Ar command
36argument is mandatory unless
37.Fl C ,
38.Fl L ,
39or
40.Fl s
41is specified.
42.Pp
43The options are as follows:
44.Bl -tag -width tenletters
45.It Fl a Ar style
46Use the specified authentication style when validating the user,
47as allowed by
48.Pa /etc/login.conf .
49A list of doas-specific authentication methods may be configured by adding an
50.Sq auth-doas
51entry in
52.Xr login.conf 5 .
53.It Fl C Ar config
54Parse and check the configuration file
55.Ar config ,
56then exit.
57If
58.Ar command
59is supplied,
60.Nm
61will also perform command matching.
62In the latter case
63either
64.Sq permit ,
65.Sq permit nopass
66or
67.Sq deny
68will be printed on standard output, depending on command
69matching results.
70No command is executed.
71.It Fl L
72Clear any persisted authorizations from previous invocations,
73then immediately exit.
74No command is executed.
75.It Fl n
76Non interactive mode, fail if
77.Nm
78would prompt for password.
79.It Fl s
80Execute the shell from
81.Ev SHELL
82or
83.Pa /etc/passwd .
84.It Fl u Ar user
85Execute the command as
86.Ar user .
87The default is root.
88.El
89.Sh EXIT STATUS
90.Ex -std doas
91It may fail for one of the following reasons:
92.Pp
93.Bl -bullet -compact
94.It
95The config file
96.Pa /etc/doas.conf
97could not be parsed.
98.It
99The user attempted to run a command which is not permitted.
100.It
101The password was incorrect.
102.It
103The specified command was not found or is not executable.
104.El
105.Sh SEE ALSO
106.Xr su 1 ,
107.Xr doas.conf 5
108.Sh HISTORY
109The
110.Nm
111command first appeared in
112.Ox 5.8 .
113.Sh AUTHORS
114.An Ted Unangst Aq Mt tedu@openbsd.org
115